*Job overview*:
*Key responsibilities*:
- Design, oversee implementation, and monitor security measures for the protection of information systems, networks, and data.
- Conduct vulnerability assessments, penetration testing, and security audits.
- Investigate security breaches and lead incident response efforts.
- Develop, update, and enforce company-wide security policies and procedures.
- Collaborate with IT to enhance firewall, intrusion detection, and prevention systems (IDS/IPS).
- Oversee implementation and maintenance of security solutions, such as antivirus, encryption, and data loss prevention systems.
- Conduct internal and external security audits to ensure compliance with industry security standards and certifications (e.g., ISO 27001, SOC 2, PCI DSS).
- Coordinate with external auditors and regulators during the audit process to demonstrate compliance with required security certifications.
- Maintain documentation and evidence for audit purposes, ensuring readiness for annual or periodic certification renewals.
- Continuously monitor for emerging security threats and vulnerabilities and update systems accordingly.
- Support risk management processes by identifying and mitigating potential security risks.
- Create and maintain security documentation, including risk assessments, disaster recovery plans, and audit reports.
- Provide training and guidance to staff on security awareness and best practices.
- Ensure compliance with industry standards and regulations, such as GDPR, HIPAA, and ISO 27001.
*Required qualifications*:
- Bachelor’s degree in cybersecurity, information technology, computer science, or a related field.
- Minimum of 3-5 years of experience in a cybersecurity or information security role.
- In-depth knowledge of security frameworks and best practices (e.g., NIST, CIS, ISO 27001).
- Experience conducting audits or assessments for security certifications, such as ISO 27001, SOC 2, or PCI DSS.
- Experience with network security tools (firewalls, IDS/IPS, VPN, etc.).
- Strong understanding of encryption technologies, identity and access management (IAM), and security protocols.
- Knowledge of scripting languages (Python, Bash, PowerShell) for automating security tasks.
- Familiarity with compliance regulations and industry standards (e.g., GDPR, HIPAA, PCI DSS).
- Experience with incident response, threat analysis, and risk mitigation.
- Relevant certifications, such as CISSP, CISM, CEH, or CompTIA Security+.
*Preferred skills*:
- Experience with cloud security (AWS, Azure, GCP).
- Experience with SIEM tools, threat intelligence platforms, and endpoint detection and response (EDR).
- Understanding of DevSecOps and integrating security into the development pipeline.
- Strong analytical and problem-solving skills.
*Personal attributes*:
- Strong attention to detail and ability to work in a fast-paced environment.
- Excellent communication skills, both written and verbal.
- Ability to work independently and as part of a team.
- Proactive approach to identifying and resolving security issues.